Information Security


Daily digest of vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 13 February 2007
Source:
SecurityVulns ID: 7217
Type: remote
Danger level:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information disclosure, etc.
Affected products: JPORTAL : Jportal 2.3
 JOOMLA : Joomla! 1.0
 DOTCLEAR : Dotclear 1.2
 CPANEL : cPanel 11
CVE:CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.)
 CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.)
 CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.)
 CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.)
 CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.)
 CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.)
 CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.)
 CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.)
Original text: crazy_king_(at)_eno7.org, Inertia News Remote File İnclude (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in eWay (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in lighttpd (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in communityserver ! (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in JBoss Portal (13.02.2007)
 me you, Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability (13.02.2007)
 claxus_(at)_gmail.com, Radical Technologies - Portal Search- multiple XSS issue (13.02.2007)
 dzitu_(at)_poczta.fm, Jportal 2.3.1 CSRF vulnerability (13.02.2007)
 raphael.huck_(at)_free.fr, DotClear Full Path Disclosure Vulnerability (13.02.2007)

© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород